alert ssh $HOME_NET any -> any any (msg:"ET INFO Potentially Vulnerable Cisco ConfD SSH Server Banner (CVE-2025-32433)"; flow:established,to_client; flowbits:set,ET.ErlangOTPBanner; ssh.software; content:"ConfD-"; reference:url,sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy; reference:cve,2025-32433; classtype:misc-activity; sid:2061806; rev:2; metadata:affected_product Erlang_OTP, affected_product Cisco_NSO, affected_product Cisco_ConfD, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_04_23, cve CVE_2025_32433, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Informational, tag Exploit, updated_at 2025_06_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:src_ip;)